[guardian-dev] Moving beyond XMPP

Dominik Schürmann dominik at dominikschuermann.de
Fri Dec 6 13:03:21 EST 2013 

Hey,

just some reasons, why I don't think it is a good idea to use closed
protocols of whatsapp or line and put encryption on top of it:

- To use encryption you need to install an additional client like
Chatsecure, sending encrypted messages to people using Whatsapp's
application will result in confusion (they see garbage).

- Even more devasting, if the user has Chatsecure installed besides the
official Whatsapp's app the message could end up in Chatsecure AND
Whatsapp -> confusion

- I see no difference in the adoption hassle for non-technical friends
of mine: Either I say them:
a) Install chatsecure to chat securely with me (with whatsapp protocol)
b) Install chatsecure to chat securely with me (over protocol XYZ)

In the end the user is not interested in protocol details. What matters
is that he/she needs to install another app on the mobile device to be
able to chat securely with me.

You could say: Yes, but if it works over whatsapp's protocol, he/she
could also chat with people using the official whatsapp client. Here I
see no advantage, as communication would be in plaintext.

Why is Whatsapp successful:
- no registration
- automatic discovery of chat partners by using telephone number from
the address book as identifiers
On open protocol supporting these features _and_ offline messages and I
am sold ;)

Regards
Dominik

On 12/05/2013 04:38 PM, Nathan of Guardian wrote:
> 
> One of the cool features of ChatSecure/Gibberbot that we have barely
> supported is the ability to add new protocol plugins. This is how we
> support Bonjour/ZeroConf messaging, but other than that, we haven't
> implemented any new protocol plugins.
> 
> I am planning our activities for 2014, and am trying to decide where we
> should best spend our time. We already have a bunch of great things in
> the works on app sharing (Bazaar) and general encrypted data/file
> sharing (OTRDATA, Dataplug). However, I want to also explore making
> ChatSecure work with other services and protocols.
> 
> In the very near term, I am working on a Bluetooth messaging plugin, so
> that the app can be used for secure messaging when there is no internet
> available, or its better to use in a physically near location. This
> would be useful for protests, "squares", classrooms, public cafes, etc,
> and be a carrier for some of our OTRDATA app messages like the Bazaar
> app syncing project.
> 
> There are some existing open APIs for WhatsApp and WeChat, and Line's
> protocol can likely be sniffed and reversed. Should we get into a battle
> with these companies by trying to be the first "safe and secure" client
> app for their services? Should we call them out publicly to be granted
> favored app status, perhaps appealing to their interest in supporting
> business or enterprise users? My end goal here is that we can convert
> some small percentage of the 100millions users these systems have. In
> addition, Line, Viber, etc are being increasingly targeted and blocked
> by countries who don't care for them.
> 
> Or is that all a waste of time? Is going back to the days of hacking AIM
> not a good approach?
> 
> Should we instead focus on enhancing XMPP in open an extensible ways, or
> supporting some of these new protocols like Telegram
> (http://core.telegram.org/api) and BitMessage? Or perhaps this new
> Layer.com thing I sent the link out about?
> 
> The Briar Project is one that is near to our hearts, as well, so maybe
> we should focus on being a really great Briar client? Along those lines,
> we could also support TextSecure's SMS protocol and/or spend more time
> ensuring interoperability with Cryptocat's mpOTR/XMPP-MUC system.
> 
> There are many possibilities out there, and we can't do them all. My
> goal is to ensure ChatSecure stays current and relevant, while staying
> open and interoperable. In the end, ChatSecure != XMPP client only, and
> we need to make sure people can tangible feel that.
> 
> Thanks for your thoughts and feedback.
> 
> +n
> 
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/dominik%40dominikschuermann.de
> 
> You are subscribed as: dominik at dominikschuermann.de
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20131206/7f2387f6/attachment.pgp>

More information about the Guardian-dev mailing list